From f108d55965d0ed878436f51fd7ff2a082940593e Mon Sep 17 00:00:00 2001
From: Mans Ziesel
Date: Sat, 26 Oct 2024 17:05:14 +0200
Subject: [PATCH] add keycloak
---
 .../base/keycloak-application.yaml | 20 ++++++
 argocd-applications/kustomization.yaml | 1 +
 keycloak/base/keycloak-deployment.yaml | 64 +++++++++++++++++++
 keycloak/base/keycloak-ingress.yaml | 12 ++++
 keycloak/base/keycloak-namespace.yaml | 6 ++
 keycloak/base/keycloak-pg-cluster.yaml | 15 +++++
 keycloak/base/keycloak-svc.yaml | 11 ++++
 keycloak/kustomization.yaml | 12 ++++
 8 files changed, 141 insertions(+)
 create mode 100644 argocd-applications/base/keycloak-application.yaml
 create mode 100644 keycloak/base/keycloak-deployment.yaml
 create mode 100644 keycloak/base/keycloak-ingress.yaml
 create mode 100644 keycloak/base/keycloak-namespace.yaml
 create mode 100644 keycloak/base/keycloak-pg-cluster.yaml
 create mode 100644 keycloak/base/keycloak-svc.yaml
 create mode 100644 keycloak/kustomization.yaml
diff --git a/argocd-applications/base/keycloak-application.yaml b/argocd-applications/base/keycloak-application.yaml
new file mode 100644
index 0000000..1a1155c
--- /dev/null
+++ b/argocd-applications/base/keycloak-application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argo-app-keycloak
+ namespace: argocd
+spec:
+ destination:
+ name: ''
+ namespace: default
+ server: https://kubernetes.default.svc
+ source:
+ path: keycloak
+ repoURL: https://git.mziesel.nl/mans/argocd-test
+ targetRevision: HEAD
+ sources: []
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/argocd-applications/kustomization.yaml b/argocd-applications/kustomization.yaml
index 500571b..86af787 100644
--- a/argocd-applications/kustomization.yaml
+++ b/argocd-applications/kustomization.yaml
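Review bot: `targetRevision: HEAD` together with `automated` sync, `prune: true` and `selfHeal: true` in keycloak-application.yaml means every commit that reaches the repository's default branch is applied to the cluster's identity provider with no further gate. Pinning `targetRevision` to a tag or a protected branch would put a review step in front of changes to the login service. `project: default` is also the Argo CD project that, unless it has been tightened elsewhere, allows any source repository and any destination; a dedicated AppProject scoped to this repo and the `keycloak` namespace would limit what a bad commit can touch. `destination.namespace: default` does not match the `keycloak` namespace the kustomization sets, and the empty `name: ''` and `sources: []` can be dropped.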
@@ -15,3 +15,4 @@ resources:
 - ./base/librespeed-application.yaml
 - ./base/nfs-subdir-external-provisioner-application.yaml
 - ./base/cloudnative-pg-application.yaml
+- ./base/keycloak-application.yaml
diff --git a/keycloak/base/keycloak-deployment.yaml b/keycloak/base/keycloak-deployment.yaml
new file mode 100644
index 0000000..f9f8d21
--- /dev/null
+++ b/keycloak/base/keycloak-deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:26.0.2
+ args: ["start"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: "admin"
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: "admin"
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_DB
+ value: "postgres"
+ - name: KC_DB_URL_HOST
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-pg-cluster-app
+ key: host
+ - name: KC_DB_URL_PORT
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-pg-cluster-app
+ key: port
+ - name: KC_DB_URL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-pg-cluster-app
+ key: dbname
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-pg-cluster-app
+ key: user
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-pg-cluster-app
+ key: password
+ - name: KC_PROXY_HEADERS
+ value: "xforwarded"
+ - name: KC_HOSTNAME
+ value: "keycloak.mziesel.nl"
+ ports:
+ - name: web
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
diff --git a/keycloak/base/keycloak-ingress.yaml b/keycloak/base/keycloak-ingress.yaml
new file mode 100644
index 0000000..bd6a9f3
--- /dev/null
+++ b/keycloak/base/keycloak-ingress.yaml
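Review bot: `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` in keycloak-deployment.yaml are committed as the literal value `admin`, and the IngressRoute added later in this patch publishes the same pod at `keycloak.mziesel.nl`, so the identity provider's initial admin account is both guessable and readable by anyone who can read the repository. Both values should come from a Secret through `secretKeyRef`, the way the `KC_DB_*` variables in the same `env` list already do, and the password should be rotated if this manifest was ever synced. Keycloak 26 also introduces `KC_BOOTSTRAP_ADMIN_USERNAME` / `KC_BOOTSTRAP_ADMIN_PASSWORD` and marks the `KEYCLOAK_ADMIN*` pair deprecated, and `KC_PROXY` looks redundant next to `KC_PROXY_HEADERS`, so the release notes are worth checking while these lines are open. The container also sets no `securityContext` or `resources`; the Secret name in the sketch below is a placeholder.

```yaml
        env:
        - name: KEYCLOAK_ADMIN
          valueFrom:
            secretKeyRef:
              name: <admin-secret-name>  # placeholder: Secret managed outside git
              key: username
        - name: KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: <admin-secret-name>  # placeholder
              key: password
        # … unchanged: KC_PROXY, KC_DB, KC_DB_* secret refs, KC_PROXY_HEADERS, KC_HOSTNAME …
```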
@@ -0,0 +1,12 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: keycloak-ingressroute
+spec:
+ routes:
+ - match: Host(`keycloak.mziesel.nl`)
+ kind: Rule
+ services:
+ - name: keycloak
+ port: web
+ tls: {}
diff --git a/keycloak/base/keycloak-namespace.yaml b/keycloak/base/keycloak-namespace.yaml
new file mode 100644
index 0000000..6a50548
--- /dev/null
+++ b/keycloak/base/keycloak-namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keycloak
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
diff --git a/keycloak/base/keycloak-pg-cluster.yaml b/keycloak/base/keycloak-pg-cluster.yaml
new file mode 100644
index 0000000..b29fa30
--- /dev/null
+++ b/keycloak/base/keycloak-pg-cluster.yaml
@@ -0,0 +1,15 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: keycloak-pg-cluster
+spec:
+ instances: 3
+ imageCatalogRef:
+ apiGroup: postgresql.cnpg.io
+ kind: ClusterImageCatalog
+ name: postgresql
+ major: 17
+
+ storage:
+ size: 10Gi
+ storageClass: nfs-client
diff --git a/keycloak/base/keycloak-svc.yaml b/keycloak/base/keycloak-svc.yaml
new file mode 100644
index 0000000..9f63f2d
--- /dev/null
+++ b/keycloak/base/keycloak-svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+spec:
+ ports:
+ - name: web
+ port: 80
+ targetPort: web
+ selector:
+ app: keycloak
diff --git a/keycloak/kustomization.yaml b/keycloak/kustomization.yaml
new file mode 100644
index 0000000..eec6ca8
--- /dev/null
+++ b/keycloak/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: keycloak
+
+resources:
+ - ./base/keycloak-namespace.yaml
+ - ./base/keycloak-pg-cluster.yaml
+ # - https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes/keycloak.yaml
+ - ./base/keycloak-deployment.yaml
+ - ./base/keycloak-svc.yaml
+ - ./base/keycloak-ingress.yaml
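Review bot: The single `match` rule in keycloak-ingress.yaml routes every path on `keycloak.mziesel.nl` to the pod, so the admin console and admin REST API under `/admin` are published on the same route as the login endpoints. Keycloak's reverse-proxy guidance is to expose only the paths clients need (such as `/realms/` and `/resources/`) and to keep `/admin` on an internal route or behind an allow-list middleware. Because the deployment sets `KC_PROXY_HEADERS` to `xforwarded`, it is also worth confirming that Traefik overwrites client-supplied `X-Forwarded-*` headers on the entry point that serves this route. The route lists no `entryPoints`, so it attaches to every entry point Traefik defines; naming the HTTPS one explicitly would make the exposure easier to audit.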
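Review bot: `pod-security.kubernetes.io/enforce: privileged` in keycloak-namespace.yaml turns Pod Security admission into a no-op for the namespace that holds the identity provider and its database, so any pod created there may run privileged, share host namespaces or mount host paths. Nothing in the deployment added by this patch appears to need that level; `pod-security.kubernetes.io/enforce: baseline` would be the safer label, moving to `restricted` once the pod spec carries a `securityContext`. If the CloudNativePG pods turn out to need more than `baseline`, a comment next to the label saying so would keep the exception visible.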